CVE-2017-6484

Name of the Vulnerable Software and Affected Versions INTER-Mediator version 5.5

Description The issue is related to Multiple Cross-Site Scripting (XSS) problems. These problems arise due to inadequate filtering of user-provided data, specifically the c and cred variables, which are passed to the "INTER-Mediator-master/Auth Support/PasswordReset/resetpassword.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser within the context of the vulnerable website.

Recommendations For INTER-Mediator version 5.5, as a temporary workaround, consider restricting access to the "INTER-Mediator-master/Auth Support/PasswordReset/resetpassword.php" API endpoint until a patch is available. Additionally, avoid using the c and cred variables in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.